feat(libcrypto): move into the Portainer repository EE-5476 (#10230)

2025-07-24 15:59:41 +02:00 · 2023-09-01 17:27:19 -03:00 · 2023-09-01 17:27:19 -03:00 · 090fa4aeb3
commit 090fa4aeb3
parent 9a234204fa
12 changed files with 194 additions and 7 deletions
--- a/pkg/libcrypto/encrypt.go
+++ b/pkg/libcrypto/encrypt.go
@ -0,0 +1,34 @@
+package libcrypto
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"io"
+)
+
+// Encrypt encrypts data using 256-bit AES-GCM.  This both hides the content of
+// the data and provides a check that it hasn't been altered. Output takes the
+// form nonce|ciphertext|tag where '|' indicates concatenation.
+// Creates a 32bit hash of the key before encrypting the data.
+func Encrypt(data, key []byte) ([]byte, error) {
+	hashKey := Hash32Bit(key)
+
+	block, err := aes.NewCipher(hashKey)
+	if err != nil {
+		return nil, err
+	}
+
+	gcm, err := cipher.NewGCM(block)
+	if err != nil {
+		return nil, err
+	}
+
+	nonce := make([]byte, gcm.NonceSize())
+	_, err = io.ReadFull(rand.Reader, nonce)
+	if err != nil {
+		return nil, err
+	}
+
+	return gcm.Seal(nonce, nonce, data, nil), nil
+}